WP-Safety

Aruba HiSpeed Cache Security & Risk Analysis

wordpress.org/plugins/aruba-hispeed-cache

Aruba HiSpeed Cache interfaces directly with an Aruba hosting platform's HiSpeed Cache service and automates its management.

100K active installs v3.0.10 PHP 5.6+ WP 5.4+ Updated Mar 13, 2026
arubacacheoptimizepagespeedperformance
95
A · Safe
CVEs total6
Unpatched0
Last CVEFeb 18, 2026
Plugin page Download
Safety Verdict

Is Aruba HiSpeed Cache Safe to Use in 2026?

Generally Safe

Score 95/100

Aruba HiSpeed Cache has a strong security track record. Known vulnerabilities have been patched promptly.

6 known CVEsLast CVE: Feb 18, 2026Updated 20d ago
Risk Assessment

The aruba-hispeed-cache plugin v3.0.10 exhibits a mixed security posture. On the positive side, it demonstrates strong adherence to secure coding practices in several key areas. The absence of dangerous functions, 100% use of prepared statements for SQL queries, a high percentage of properly escaped output (89%), and a substantial number of nonce and capability checks indicate a developer conscious of common vulnerabilities. Furthermore, the complete lack of taint analysis findings suggests that internal data flows are being handled with caution.

However, significant concerns arise from the attack surface and historical vulnerability data. The presence of 23 AJAX handlers, with one lacking any authentication checks, presents a direct pathway for potential unauthorized actions or information disclosure. This is a critical oversight that could be exploited. The plugin's history is also a notable red flag, with a total of six known CVEs. While none are currently unpatched, the common vulnerability types reported (Missing Authorization, Cross-site Scripting, Exposure of Sensitive Information) are precisely the kinds of issues that arise from insecure handling of input and access control, as suggested by the unprotected AJAX handler.

In conclusion, while the code demonstrates good practices in many areas, the unprotected AJAX endpoint and the historical pattern of critical vulnerability types warrant careful attention. The plugin's past issues, combined with a clear weakness in its current attack surface, suggest a plugin that requires ongoing vigilance and may not be as robust as its secure coding metrics might initially imply.

Key Concerns

  • Unprotected AJAX handler
  • History of 6 medium severity CVEs
Vulnerabilities
6

Aruba HiSpeed Cache Security Vulnerabilities

CVEs by Year

1 CVE in 2023
2023
1 CVE in 2024
2024
4 CVEs in 2026
2026
Patched Has unpatched

Severity Breakdown

Medium
6

6 total CVEs

CVE-2025-11725medium · 6.5Missing Authorization

Aruba HiSpeed Cache <= 3.0.2 - Missing Authorization to Unauthenticated Plugin's Settings Modification

Feb 18, 2026 Patched in 3.0.3 (1d)
CVE-2025-11706medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Aruba HiSpeed Cache <= 3.0.2 - Reflected Cross-Site Scripting

Feb 18, 2026 Patched in 3.0.3 (1d)
CVE-2026-23545medium · 5.3Missing Authorization

Aruba HiSpeed Cache <= 3.0.4 - Missing Authorization

Feb 18, 2026 Patched in 3.0.5 (7d)
CVE-2025-67913medium · 5.3Missing Authorization

Aruba HiSpeed Cache < 3.0.3 - Missing Authorization

Jan 1, 2026 Patched in 3.0.3 (14d)
CVE-2024-43119medium · 4.3Missing Authorization

Aruba HiSpeed Cache <= 2.0.12 - Missing Authorization

Aug 7, 2024 Patched in 2.0.13 (8d)
CVE-2023-44983medium · 5.3Exposure of Sensitive Information to an Unauthorized Actor

Aruba HiSpeed Cache <= 2.0.6 - Sensitive Information Exposure via Log File

Nov 28, 2023 Patched in 2.0.7 (56d)
Code Analysis
Analyzed Mar 16, 2026

Aruba HiSpeed Cache Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
11 prepared
Unescaped Output
28
233 escaped
Nonce Checks
21
Capability Checks
25
File Operations
6
External Requests
1
Bundled Libraries
0

SQL Query Safety

100% prepared11 total queries

Output Escaping

89% escaped261 total outputs
Attack Surface
1 unprotected

Aruba HiSpeed Cache Attack Surface

Entry Points23
Unprotected1

AJAX Handlers 23

authwp_ajax_ahcs_clear_cachearuba-hispeed-cache.php:288
authwp_ajax_ahsc_clear_expired_transientaruba-hispeed-cache.php:327
authwp_ajax_ahsc_disable_debugaruba-hispeed-cache.php:399
authwp_ajax_ahsc_enable_purgearuba-hispeed-cache.php:423
authwp_ajax_ahsc_purge_homepage_on_editaruba-hispeed-cache.php:443
authwp_ajax_ahsc_purge_page_on_new_commentaruba-hispeed-cache.php:460
authwp_ajax_ahsc_purge_archive_on_editaruba-hispeed-cache.php:476
authwp_ajax_ahsc_cache_warmeraruba-hispeed-cache.php:493
authwp_ajax_ahsc_static_cachearuba-hispeed-cache.php:510
authwp_ajax_ahsc_lazy_loadaruba-hispeed-cache.php:526
authwp_ajax_ahsc_html_optimizeraruba-hispeed-cache.php:541
authwp_ajax_ahsc_dns_preconnectaruba-hispeed-cache.php:556
authwp_ajax_ahsc_dns_preconnect_domain_listaruba-hispeed-cache.php:571
authwp_ajax_ahsc_enable_cronaruba-hispeed-cache.php:611
authwp_ajax_ahsc_cron_statusaruba-hispeed-cache.php:638
authwp_ajax_ahsc_cron_timearuba-hispeed-cache.php:654
authwp_ajax_ahsc_xmlrpc_statusaruba-hispeed-cache.php:674
authwp_ajax_ahsc_reset_optionsaruba-hispeed-cache.php:690
authwp_ajax_ahsc_dboptimizationaruba-hispeed-cache.php:725
authwp_ajax_ahsc_check_apc_filesrc\AHSC_Apc.php:5
authwp_ajax_ahsc_create_apc_filesrc\AHSC_Apc.php:28
authwp_ajax_ahsc_update_apc_Settingssrc\AHSC_Apc.php:45
authwp_ajax_ahsc_delete_apc_filesrc\AHSC_Apc.php:60
WordPress Hooks 30
actionadmin_menuadmin\AHSC_Admin_Menu.php:7
filtersite_status_page_cache_supported_cache_headersaruba-hispeed-cache.php:131
actioninitaruba-hispeed-cache.php:150
actioninitaruba-hispeed-cache.php:199
actionwp_after_admin_bar_renderaruba-hispeed-cache.php:203
actionwp_enqueue_scriptsaruba-hispeed-cache.php:204
actionwp_enqueue_scriptsaruba-hispeed-cache.php:205
actionadmin_enqueue_scriptsaruba-hispeed-cache.php:207
actionadmin_enqueue_scriptsaruba-hispeed-cache.php:208
actionenqueue_block_assetsaruba-hispeed-cache.php:236
actionnetwork_admin_noticesaruba-hispeed-cache.php:347
actionadmin_noticesaruba-hispeed-cache.php:349
actionadmin_enqueue_scriptsaruba-hispeed-cache.php:353
actionadmin_noticesaruba-hispeed-cache.php:354
filtersite_status_testssrc\AHSC_Functions.php:385
actionwp_loadedsrc\AHSC_HtmlOptimizer.php:6
actionplugins_loadedsrc\AHSC_Lazyload.php:8
actiontemplate_redirectsrc\AHSC_Lazyload.php:9
filterwp_get_attachment_image_attributessrc\AHSC_Lazyload.php:18
filterget_avatarsrc\AHSC_Lazyload.php:19
filterwp_resource_hintssrc\AHSC_Preconnect.php:95
actionadmin_initsrc\AHSC_Static.php:9
actionadmin_initsrc\AHSC_Static.php:11
filterxmlrpc_enabledsrc\AHSC_XmlRPC.php:8
filterpings_opensrc\AHSC_XmlRPC.php:9
filterxmlrpc_methodssrc\AHSC_XmlRPC.php:10
actionpublish_postsrc\AHSC_XmlRPC.php:23
actionpublish_pagesrc\AHSC_XmlRPC.php:24
actioninitsrc\Events\AHSC_Deferer.php:9
actionelementor/editor/after_savesrc\Events\AHSC_PostType.php:23
Maintenance & Trust

Aruba HiSpeed Cache Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 13, 2026
PHP min version5.6
Downloads1000K

Community Trust

Rating60/100
Number of ratings10
Active installs100K
Alternatives

Aruba HiSpeed Cache Alternatives

WP Fastest Cache – WordPress Cache Plugin

WP Fastest Cache – WordPress Cache Plugin

wp-fastest-cache

B
76

The simplest and fastest WP Cache system

1.0M 35 CVEs
10Web Booster – Website speed optimization, Cache & Page Speed optimizer

10Web Booster – Website speed optimization, Cache & Page Speed optimizer

tenweb-speed-optimizer

A
86

Speed up your site with 10Web Booster. Pass Core Web Vitals by optimizing HTML / CSS / JavaScript, Image Optimization, Lazy Loading, Cache, Google Fon &hellip;

90K 5 CVEs
Seraphinite Accelerator

Seraphinite Accelerator

seraphinite-accelerator

A
95

Turns on site high speed to be attractive for people and search engines.

60K 9 CVEs
Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer

Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer

clearfy

A
95

Optimize and tweak WordPress by disable unused features. Improve performance, SEO and security using Clearfy — super easy, fast and zero code.

50K 6 CVEs
JCH Optimize

JCH Optimize

jch-optimize

A
98

This plugin automatically performs several front end optimizations to your site to boost performance and increase PageSpeed scores.

4K 3 CVEs
Developer Profile

Aruba HiSpeed Cache Developer Profile

Aruba.it Dev

1 plugin · 100K total installs

91
trust score
Avg Security Score
95/100
Avg Patch Time
15 days
View full developer profile
Detection Fingerprints

How We Detect Aruba HiSpeed Cache

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/aruba-hispeed-cache/admin/assets/css/toolbar.css/wp-content/plugins/aruba-hispeed-cache/admin/assets/js/toolbar.js/wp-content/plugins/aruba-hispeed-cache/admin/assets/js/editor.js/wp-content/plugins/aruba-hispeed-cache/admin/assets/js/settings.js
Script Paths
/wp-content/plugins/aruba-hispeed-cache/admin/assets/js/toolbar.js/wp-content/plugins/aruba-hispeed-cache/admin/assets/js/editor.js/wp-content/plugins/aruba-hispeed-cache/admin/assets/js/settings.js
Version Parameters
aruba-hispeed-cache/admin/assets/css/toolbar.css?ver=aruba-hispeed-cache/admin/assets/js/toolbar.js?ver=aruba-hispeed-cache/admin/assets/js/editor.js?ver=aruba-hispeed-cache/admin/assets/js/settings.js?ver=

HTML / DOM Fingerprints

CSS Classes
ahsc-toolbar-containerahsc-toolbar-purgerahsc-toolbar-settings
Data Attributes
data-ahsc-actiondata-ahsc-noncedata-ahsc-id
JS Globals
AHSC_TOOLBAR
FAQ

Frequently Asked Questions about Aruba HiSpeed Cache